By Isabel Lay
Cambridge Analytica. March 2018.
A massive security breach in which millions of Facebook users’ data was mined without their knowledge has prompted the computer science department at Western to gear up research to answer the question: What do you do after a massive breach in online security?
“Run for the hills,” Michael Tsikerdekis, an assistant professor in the computer science department, said.
Tsikerdekis, who specializes in cyber security and online deception, said he has devoted his research to trying to identify malicious social media accounts. That entails finding out what suspicious accounts look like.
Tsikerdekis said part of the cause of security breaches seems to be that the focus in the tech industry has shifted from caring for users’ data to trying to develop the most current technology.
“Most companies want to get ahead by developing new, innovative stuff,” Tsikerdekis said. “They put a lot of money into research and development, [but] the privacy-related aspects aren’t studied to the degree that they should.”
Erik Fretheim, director of the computer science program, said he agrees.
“[Cyber security] is a mess and it’s been ignored for far too long,” he said. “It all needs to be overhauled.”
The issue of cyber security doesn’t rest on users who may be accused of sharing too much on their social media accounts, Fretheim said. Instead, he said the finger should be pointed at companies that do not put time into protecting their users’ information.
“We need to figure out ways to get people to use and apply security,” Fretheim said. “If we design security that is uncomfortable to use, we can’t expect people to use it.”
The tendency for companies to create long, drawn-out terms and conditions contracts that confuse users contributes to this. Critics say many users can’t be expected to understand what is being shared if they can’t comprehend what they’re signing up for.
The jargon used in many contracts means that many users just forego reading the terms and conditions altogether simply because they are so vague.
Additionally, even if users are aware of the extensive sharing of their data that goes on behind closed doors, there is a chance they would rather just look the other way, Student Technology Center employee Connor Hopkins said.
“It’s funny, when I use Facebook I almost feel like there’s this unspoken contract that like, ‘OK, they’re going to track me,’” Hopkins said.“I think maybe we’ve gotten complacent, maybe we’ve decided it’s sort of okay that they track us a little bit.”
Hopkins, who designs workshops for the STC and works on their website, said his concerns about cyber security have larger implications. He said the collection of information from the public without their knowledge undermines users’ right to privacy.
That privacy is fragile, too.
According to Tsikerdekis and Fretheim, once information has been released, it’s virtually impossible for a user to get that information back. Thus, it’s vital to be proactive about a security breach.
“Be more skeptical about the kind of apps that you authorize to access your Facebook account,” Tsikerdekis said. “Be aware that they can access your network information, including your friends’ information. I think that realization is difficult to make because part of this is also social responsibility.”
“Be paranoid,” Fretheim said. “Make sure that you have good passwords. Make sure that you’re aware of what information you’re actually sharing.”
As for the future of tech security, Fretheim said he is not very hopeful.
“I think we’re going to keep going the way we’re going,” he said. “We’re going to have to somehow figure out other ways to bring people on board. That’s going to be the real key.”